Name		Name	Last commit message	Last commit date
parent directory ..
bcc		bcc
README.md		README.md

README.md

notify of new mount and umount syscall

Notes

kprobe needs exact kernel function name. Check symbol at /proc/kallsyms
sys_mount and sys_umount are implemented at

vagrant@bpf-dev:/vagrant2/dnsmon$ cat /proc/kallsyms  | grep sys_mount
0000000000000000 T ksys_mount
0000000000000000 T __x64_sys_mount
0000000000000000 T __ia32_sys_mount
0000000000000000 T __ia32_compat_sys_mount
0000000000000000 T __x32_compat_sys_mount
0000000000000000 t _eil_addr___ia32_sys_mount
0000000000000000 t _eil_addr___x64_sys_mount
0000000000000000 t _eil_addr___x32_compat_sys_mount
0000000000000000 t _eil_addr___ia32_compat_sys_mount


[vagrant@bpf-centos-7 bcc]$ cat /proc/kallsyms  | grep sys_mount
0000000000000000 T sys_mount
0000000000000000 T compat_sys_mount

better use tracepoint for general approach
Where are tracepoints => sudo ls /sys/kernel/debug/tracing/events

https://blogs.oracle.com/linux/post/taming-tracepoints-in-the-linux-kernel

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

mounts

mounts

README.md

Notes

Files

mounts

Directory actions

More options

Directory actions

More options

Latest commit

History

mounts

Folders and files

parent directory

README.md

Notes